‘Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens. Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.’

Same Password for Multiple Accounts

What is more likely is that Dropbox itself has not been hacked, but a third-party service was hacked and accounts farmed from this. This could greatly reduce the number of accounts actually compromised.

So it seems that the hackers used the list of farmed emails & passwords obtained to see which ones worked on other services. This was possible due to people using the same password for multiple accounts.

Users should have different passwords for different sites. KeePass Password Safe is an easy-to-use password manager.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).”